Listing of Claims:

1. (Previously Presented) In an initiating system, a method for establishing a
new group identity with a group identity information document comprising: 

creating group identity information for inclusion in the group identity information 
document; 

generating a group-signed group identity information document comprising the 
group identity information, a use policy providing instructions as to how the group 
identity information may be used, at least a first key, and a group identity information 
document signature signed using a second key associated with the first key in the identity 
information document; and 

sending the group-signed group identity information document to a receiving
system to establish the new group identity at the receiving system. 

2. (Canceled) 

3. (Previously presented) The method of claim 1, further comprising:

sending a group-signed membership identity information document with the
group-signed group identity information document to the receiving system to establish
membership of an originator of the membership identity information document in the
new group identity established at the receiving system.

4. (Previously presented) The method of claim 3 further comprising: 

receiving the new group-signed membership identity information document from
the originator; 

detecting whether the group associated with the membership identity information 
document has been accepted; and

assigning security protocols to communications from the originator based on the
group identity information if the group identity information is accepted.

5. (Original) The method of claim 3, wherein the act of sending comprises:

storing the group-signed membership identity information document in an 
initiating system; 

retrieving the group-signed membership identity information document; 

attaching the group-signed membership identity information document to the 
message; and 

sending the message to the receiving system. 

6. (Previously presented) The method of claim 3, further comprising: 

sending to the receiving system a self-signed personal identity information 
document of the originator of the message to establish at the receiving system identity of 
the originator in addition to originator's membership in the new group. 

7. (Previously presented) The method of claim 6, wherein the acts of 
sending a self-signed personal identity information document and group-signed 
membership identity information document comprises: 

generating the self-signed personal identity information document; 

attaching the self-signed personal identity information document to the message; 

retrieving the group-signed membership identity information document;

attaching the group-signed membership identity information document to the
message; and

sending the message to the receiving system. 

8. (Previously presented) The method of claim 6 further comprising: 

receiving the group-signed membership identity information document and the 
self-signed personal identity information document from the originator; 

detecting whether the new group associated with the membership identity 
information document is accepted and whether the person associated with the personal 
identity information document is accepted;

assigning first security protocols to communications from the originator if the 
new group is accepted; and 

assigning second security protocols to communications from the originator if the 
person is accepted. 

9. (Previously Presented) In a communication system, an apparatus for 
establishing a new group identity comprising:

an initiating system, comprising a processing unit and computer storage media, 
the computer storage media encoding modules for execution by the processing unit, 
including: 

a group ID generate module generating a group certificate [[having]] comprising 
at least a public key, a use policy providing instructions as to how the group identity 
information may be used, and a digital signature for the group; and 

a send module transmitting the group certificate to establish the new group 
identity at a receiving system.

10. (Previously presented) The apparatus of claim 9 further comprising:

an attach module attaching a group membership certificate to a message 
originated by a sender; 

the send module transmitting the message to the receiving system to establish the 
sender as a member of the new group at the receiving system. 

11. (Previously presented) The apparatus of claim 10 further comprising:

a membership ID generate module generating a membership certificate having at 
least a public key of the sender and a digital signature for the new group; 

a save module, responsive to the membership ID generate module, storing the 
membership certificate; 

a retrieve module retrieving the membership certificate from the save module and 
providing the membership certificate to the attach module. 

12. (Previously presented) The apparatus of claim 10 further comprising:

a receiving system, comprising a processing unit and computer storage media, the 
computer storage media encoding modules for execution by the processing unit, 
including: 

a receive module at the receiving system receiving the membership certificate; and

an accept module at the receiving system detecting whether to accept the 
membership certificate.

13. (Previously presented) The apparatus of claim 12 further comprising:

an assign module assigning a security identification to communications from the
sender based on the new group associated with the membership certificate if the 
membership certificate is accepted by the accept module. 

14. (Previously presented) The apparatus of claim 10 further comprising: 

a personal ID generate module generating a personal certificate having at least a 
public key of the sender and a digital signature by the sender; and 

the send module transmitting the personal certificate to establish the sender's
identity at the receiving system. 

15. (Previously presented) The apparatus of claim 12 further comprising: 

a personal ID generate module generating a personal certificate having at least a 
public key of the sender and a digital signature by the sender; 

a receive module at the receiving system receiving the certificates;

an accept module at the receiving system detecting if the certificates are to be 
accepted; 

an assign module assigning a security protocol to communications from the
sender based on a group identity associated with the membership certificate if the 
membership certificate is accepted by the accept module; 

the send module transmitting the personal certificate to establish the sender's 
identity at the receiving system; and

the assign module assigning a security protocol to communications from the
sender based on personal identity associated with the personal certificate if the personal 
certificate is accepted by the accept module. 

16. (Previously Presented) A computer storage medium readable by a 
computing system and encoding a computer program of instructions for executing a 
computer process for establishing a new group identity in communications between an
initiating system and a receiving system, said computer process comprising: 

generating at the initiating system a group certificate [[having]] comprising at 
least a use policy providing instructions as to how the group identity information may be 
used, a group public key and a digital signature for the group signed with a group private 
key associated with group public key; 

sending the group certificate to the receiving system to establish the new group 
identity at the receiving system; 

sending a membership certificate to the receiving system to establish the 
originator as a member of the new group at the receiving system; 

generating a personal certificate having at least a public key of the originator and 
a digital signature for the originator signed by the originator with a private key associated 
with the public key of the originator; and 

sending the personal certificate to establish the personal identity of the originator
at the receiving system. 

17. (Canceled)

18. (Previously presented) The computer readable medium of claim 16
wherein the process further comprises:

creating the membership certificate at the initiating system, the membership 
certificate having at least a public key of the originator and a digital signature signed 
using the group private key. 

19. (Previously presented) The computer readable medium of claim 16
wherein the process further comprises:

receiving the membership certificate at the receiving system; and 

testing acceptance of the group identity received in the membership certificate. 

20. (Previously presented) The computer readable medium of claim 19 
wherein the process further comprises:

assigning a security protocol to communications from the originator based on the
new group identity if the membership certificate is accepted by the act of testing. 

21. (Canceled) 

22. (Previously presented) The computer readable medium of claim 16
wherein the process further comprises:

accepting the identity information in the certificates received at the receiving 
system if the certificates have been previously accepted;

assigning a security identification to communications from the originator based on
the group identity information if the membership certificate is accepted; and 

assigning a security identification to communications from the originator based on 
the personal identity information of the originator if the personal certificate is accepted. 